I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

desktops to users or RDSH in Horizon 6 to publish applications, the Workspace Portal is an even more valuable tool. Luckily, adding View pools to a Workspace appliance is a straightforward process.

With single sign-on (SSO) and access to many different resource types, VMware's Workspace Portal aims to be the central place for your users to start when they want to access applications. It is really a customizable, browser-based launcher with a self-service app store that workers can use to access their desktops and applications from any device. Workspace centralizes Web apps, ThinApp and XenApp applications, as well as published Remote Desktop Session Host (RDSH) applications. You can also give users access to VMware virtual desktop pools from the same launch page.

This article will walk you through adding View pools to an existing Workspace Portal. Once integrated, users can add virtual desktops to their portals and launch them without having to authenticate themselves again.

Integrating View with Workspace

The process of integrating View into Workspace is fairly straightforward. First, make sure your Workspace appliance is joined to Active Directory (AD) and that directory Sync requires user accounts have User Principal Name (UPN) attributes. Then tell View to trust Workspace and tell Workspace where to find View.

Joining the appliance to AD uses the same process you would use to join many other VMware appliances: Identify the domain by its domain name system (DNS) name and provide credentials with rights to add a computer to the domain. Because the initial appliance setup involves LDAP access to AD, you will already have the right DNS, routing and firewall configuration.

It's best to add the requirement for UPNs for synchronized accounts as you set up the appliance. If you add this requirement after accounts are synchronized and before you have UPNs, the accounts will be removed from Workspace. It's a good idea to do a manual directory sync so you can check to see if any accounts get removed.

Your View Connection Servers need to be told that the Workspace Portal will authenticate users and use SAML to validate these users against View.

Using SAML involves View trusting Workspace for authentication, rather than having users log on with their AD credentials again. On each connection server you must allow "Delegation of Authentication to VMware Horizon," and on one connection server you must also set up the authenticators.

To setup an authenticator, simply give Workspace a name in View, then enter the URL of your Workspace server. If your View environment doesn't trust the Secure Sockets Layer certificates on your Workspace server, then you will need to confirm that you accept the certificate. This is a great reason to put a trusted certificate on Workspace, even if it's one issued by your internal certificate authority.

Figure 1 Connection Server setup

Setting things up on the Workspace side is simple too:

Enter the name of one of your connection servers and provide some View administrator credentials to connect. Again, having trusted certificates will make this simple and immediate. If you are still using the default self-signed certificates, then you will need to confirm them, also a two-click process.

Once the connection servers are set up, you can configure scheduled sync and whether virtual desktop pools should be automatically added to users' Workspaces. Frequent sync means that changes to users' pool entitlements will appear in their Workspace sooner. Leaving the pools set as User Initiated means pools appear on the App Center page, rather than on their portals. The Automatic setting puts the pools on the portal immediately.

One possible stumbling block for this process is if there is a firewall separating your Workspace server from your View Connection Servers. Workspace needs to access both View Web services and the Active Directory Application Mode instance on the connection servers. Make sure HTTPS and the AD ports are open from Workspace to all your Connection servers.

Figure 2 Adding View Pools

Once a View pool is added to Workspace and synchronized, users will be able to add their pools to their portals or remove them. Workspace controls Web app entitlement, but View controls View pool entitlement. Both usually use AD groups to control access to resources. View pools also have the same icons in Workspace as they do in View, helping users identify their pools.

2 comments

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

We have this running fine now, but there was an initial issue with getting apps in View to run from the portal. It turns out that the portal uses Access URLs to integrate with the view pod, and if you don't have the correct network ranges specified as default, the end user can't connect to the right View client access URL and port number, and the View client won't launch. But a fairly easy fix.